IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.
References
| Link | Resource |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/282956 | VDB Entry Vendor Advisory |
| https://security.netapp.com/advisory/ntap-20240621-0007/ | Third Party Advisory |
| https://www.ibm.com/support/pages/node/7149874 | Patch Vendor Advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/282956 | VDB Entry Vendor Advisory |
| https://security.netapp.com/advisory/ntap-20240621-0007/ | Third Party Advisory |
| https://www.ibm.com/support/pages/node/7149874 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
02 Jul 2025, 15:41
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.4:-:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack2:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack1:*:*:*:*:*:* |
|
| First Time |
Netapp oncommand Insight
Ibm cognos Analytics Ibm Netapp |
|
| References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/282956 - VDB Entry, Vendor Advisory | |
| References | () https://security.netapp.com/advisory/ntap-20240621-0007/ - Third Party Advisory | |
| References | () https://www.ibm.com/support/pages/node/7149874 - Patch, Vendor Advisory |
Information
Published : 2024-05-02 21:16
Updated : 2025-07-02 15:41
NVD link : CVE-2024-25047
Mitre link : CVE-2024-25047
CVE.ORG link : CVE-2024-25047
JSON object : View
Products Affected
netapp
- oncommand_insight
ibm
- cognos_analytics
CWE
CWE-117
Improper Output Neutralization for Logs